[nginx] QUIC: discarding 0-RTT keys.
Илья Шипицин
chipitsine at gmail.com
Sun Aug 11 18:17:41 UTC 2024
Hello,
How was that found? Is there some compliance (automated) test?
Fri, 9 Aug 2024 at 18:57, Sergey Kandaurov <pluknet at nginx.com>:
> details: https://hg.nginx.org/nginx/rev/906a42885ce2
> branches:
> changeset: 9273:906a42885ce2
> user: Sergey Kandaurov <pluknet at nginx.com>
> date: Fri Aug 09 19:12:25 2024 +0400
> description:
> QUIC: discarding 0-RTT keys.
>
> For simplicity, this is done on successful decryption of a 1-RTT packet.
>
> diffstat:
>
> src/event/quic/ngx_event_quic.c | 10 ++++++++++
> 1 files changed, 10 insertions(+), 0 deletions(-)
>
> diffs (20 lines):
>
> diff -r 6392cb0d83e8 -r 906a42885ce2 src/event/quic/ngx_event_quic.c
> --- a/src/event/quic/ngx_event_quic.c Fri Aug 09 19:12:23 2024 +0400
> +++ b/src/event/quic/ngx_event_quic.c Fri Aug 09 19:12:25 2024 +0400
> @@ -1022,6 +1022,16 @@ ngx_quic_handle_payload(ngx_connection_t
> }
> }
>
> + if (pkt->level == ssl_encryption_application) {
> + /*
> + * RFC 9001, 4.9.3. Discarding 0-RTT Keys
> + *
> + * After receiving a 1-RTT packet, servers MUST discard
> + * 0-RTT keys within a short time
> + */
> + ngx_quic_discard_ctx(c, ssl_encryption_early_data);
> + }
> +
> if (qc->closing) {
> /*
> * RFC 9000, 10.2. Immediate Close
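Review bot: the added `if (pkt->level == ssl_encryption_application)` block calls `ngx_quic_discard_ctx(c, ssl_encryption_early_data)` on every 1-RTT packet handled here, not only the first, and nothing in the hunk shows that a repeated call is a no-op. Either guard the call with a check that the early-data keys are still present, or state in the comment that ngx_quic_discard_ctx() is safe to call again for a level that has already been discarded. The quoted RFC text allows "a short time" while this code discards at once, so the comment should also say that the immediate discard is a deliberate simplification (as the commit message does) and that 0-RTT packets arriving reordered after the first 1-RTT packet can no longer be decrypted.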